From: Micheal B. <mb...@gm...> - 2014-11-02 09:07:46
Sent: Saturday, November 01, 2014 at 6:27 AM
From: "jo...@te..." <jo...@te...>
To: ssh...@li...
Cc: mb...@gm...
Subject: Re: [Sshguard-users] help configuring sshguard with ufw

On Friday, 31 October 2014 23:03:55 +0100, "Micheal Blue" <mb...@gm...> wrote:

Hello,

> I am using ufw (https://launchpad.net/ufw) and would like to know how
> to configure it to correctly work with sshguard. I saw the guide
> (http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/)
> which shows a number of iptables commands but I must admit that with
> ufw, the rule setup does not use these. I would like to keep the
> configuration within the ufw syntax if possible. Can someone point
> me to a guide that shows how to configure ufw with sshguard or is
> this not possible?

I think you got it wrong at the beginning, presuming you are running a Linux machine. I do not use ufw although a quick look shows that it uses iptables. ufw is a front end, like many others, like Shorewall for instance, to the just about only one mechanism in Linux that can make firewalls, that is, iptables. It means that there is no problem at all. Since both ufw and sshguard are using iptables, there is nothing to do.

Cheers.

Yes, I am using Arch Linux. There is an sshguard package in the official repos. But I am confused since the docs show to manually add rules which is something I have never done before.

When you said there is nothing to do, When I install sshguard, the package manager says:

-- You should add chains to your firewall:
-- iptables -N sshguard
-- iptables -A INPUT -p tcp --dport 22 -j sshguard
-- ip6tables -N sshguard
-- ip6tables -A INPUT -p tcp --dport 22 -j sshguard
-- touch /etc/iptables/ip6tables.rules if you don't use IPv6
-- For more information, see https://wiki.archlinux.org/index.php/Sshguard

The package comes with a systemd service:

[Unit]
Description=Block hacking attempts
After=iptables.service ip6tables.service network.target
Wants=iptables.service ip6tables.service

[Service]
ExecStart=/usr/lib/systemd/scripts/sshguard-journalctl "-b /var/db/sshguard/blacklist.db" SYSLOG_FACILITY=4 SYSLOG_FACILITY=10

[Install]
WantedBy=multi-user.target
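
Added example, not part of the original message and not code from sshguard or the Arch package: a shell check that reads `iptables -S` style output and reports whether the `sshguard` chain from the package message exists and whether the jump to it sits after an ACCEPT for port 22 in the same chain. The function and sample names are hypothetical and both sample rulesets are constructed.

```shell
#!/bin/sh
# Reads `iptables -S` style rules on stdin and reports whether SSH traffic
# reaches the sshguard chain. Exit status 0 = hooked, 1 = problem found.
check_sshguard_hook() {
    awk '
    $1 == "-N" && $2 == "sshguard" { declared = 1 }
    $1 == "-A" {
        chain = $2
        # An ACCEPT for tcp/22 ends traversal of this chain, so a jump to
        # sshguard placed after it is never evaluated for SSH packets.
        if ($0 ~ /-p tcp/ && $0 ~ /--dport 22( |$)/ && $0 ~ /-j ACCEPT( |$)/)
            accepted[chain] = 1
        if ($0 ~ /-j sshguard( |$)/) {
            if (chain in accepted) shadowed = chain
            else if (hooked == "") hooked = chain
        }
    }
    END {
        if (!declared) { print "MISSING chain sshguard"; exit 1 }
        if (hooked != "") { print "OK jump to sshguard from " hooked; exit 0 }
        if (shadowed != "") {
            print "SHADOWED jump in " shadowed " follows an ACCEPT for port 22"
            exit 1
        }
        print "MISSING jump to sshguard"; exit 1
    }'
}

# Constructed sample: sshguard jump ahead of the rule that accepts SSH.
sample_hooked() {
    cat <<'EOF'
-P INPUT DROP
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Constructed sample: jump appended (-A) after an existing ACCEPT for SSH.
sample_shadowed() {
    cat <<'EOF'
-P INPUT DROP
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
EOF
}

sample_hooked | check_sshguard_hook
sample_shadowed | check_sshguard_hook || true
```

On a live host the same function can be fed with `iptables -S | check_sshguard_hook` (and `ip6tables -S` for IPv6), run as root.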